[Owasp-board] FW: Axfr on owasp.org
Laurence Casey
larry.casey at owasp.org
Fri Nov 13 15:42:12 UTC 2009
------ Forwarded Message
From: Laurence Casey <larry.casey at aspectsecurity.com>
Date: Fri, 13 Nov 2009 10:36:48 -0500
To: Tom Brennan - OWASP <tomb at owasp.org>, David Campbell
<dcampbell at owasp.org>
Cc: Kate Hartmann <kate.hartmann at owasp.org>, Dinis <dinis at ddplus.net>, OWASP
Foundation Board List <owasp-board at lists.owasp.org>
Conversation: Axfr on owasp.org
Subject: Re: Axfr on owasp.org
Tom,
Thanks for pointing this out. I did discuss this with our 3rd party DNS
provider and they refused to turn off zone transfers a month ago. Going
third party does not guarantee a secure environment, in fact the opposite is
more likely.
As for allowing zone transfers, I don¹t think it¹s embarrassing at all.
Using DNS as a security mechanism would be more embarrassing. We have
nothing to hide in our DNS configuration. I do agree that not allowing them
would be better, but in this case, my hands are tied as the provider is not
budging.
--Larry
On 11/13/09 7:52 AM, "Tom Brennan - OWASP" <tomb at owasp.org> wrote:
> Dave,
>
> Jabra reported this over a month ago discussed with Jeff Williams - this is
> another reason to move to a 3rd party hosting solution.
>
>
>
> On Thu, Nov 12, 2009 at 4:43 PM, David Campbell <dcampbell at owasp.org> wrote:
>> Hey speaker in this talk just mentioned that owasp.org <http://owasp.org>
>> permits zone xfers.
>>
>> Can you get that disabled? Pretty embarrasing
>>
>> Dc
>>
>
>
------ End of Forwarded Message
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20091113/aba852b1/attachment-0002.html>
More information about the Owasp-board
mailing list